From 55ad4aef932036908afcad6f20ae13f48e12db53 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Wed, 18 Jun 2014 04:51:31 +0000
Subject: In ssl3_send_newsession_ticket(), fix a memory leak in an error path.

---
 src/lib/libssl/s3_srvr.c         | 6 ++++--
 src/lib/libssl/src/ssl/s3_srvr.c | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index c37cd421dc..cab034d18f 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.64 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.65 2014/06/18 04:51:31 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2960,8 +2960,10 @@ ssl3_send_newsession_ticket(SSL *s)
  		 */
 		if (!BUF_MEM_grow(s->init_buf,
 		    26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
-		    EVP_MAX_MD_SIZE + slen))
+		    EVP_MAX_MD_SIZE + slen)) {
+			free(senc);
 			return (-1);
+		}
 
 		p = (unsigned char *)s->init_buf->data;
 		/* do the header */
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index c37cd421dc..cab034d18f 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.64 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.65 2014/06/18 04:51:31 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2960,8 +2960,10 @@ ssl3_send_newsession_ticket(SSL *s)
  		 */
 		if (!BUF_MEM_grow(s->init_buf,
 		    26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
-		    EVP_MAX_MD_SIZE + slen))
+		    EVP_MAX_MD_SIZE + slen)) {
+			free(senc);
 			return (-1);
+		}
 
 		p = (unsigned char *)s->init_buf->data;
 		/* do the header */
-- 
cgit v1.2.3-55-g6feb